First sorry for my English, is the first time that I participate in the forum.

I have a serious problem with my mail server, it is being used for sending a large amount of spam. Everything has already been verified, they can be sure. What happens is that an external IP can somehow generate messages that are sent from localhost and send to multiple recipients. But there is no authentication whatsoever, it is as if the server had been hacked, just that even tools rootkit detect anything.
The server is a Debian with version 5 6.0.4_GA_2038.DEBIAN5 DEBIAN5 FOSS edition, is there any bug that allows it?